The Plater Trust and the General Data Protection Regulations
Although the Trust collects very limited personal data, it is prudent to set out how the Trust complies with the new General Data Protection Regulations (GDPR) coming into force in May 2018.
The Plater Trust is a small charitable trust which does not employ staff and is managed by a contracted trust manager under the direction of trustees. It awards grants to relevant organisations in England and Wales and therefore does not have individual beneficiaries. (See www.plater.org.uk )
1. What personal data does the Trust collect, and what is it used for?
The Trust holds basic contact details of people with whom it needs to communicate. This includes:
- trustees, committee members and those involved in the governance of the Trust
- those who provide legal, financial, audit and other professional services to the Trust
- applicants for grants awarded by the Trust
- other agencies who contribute to the effective working of the Trust and its work
2. Who is the data shared with?
The data is held purely for communications purposes and not shared with other organisations or individuals.
3. Where does this data come from?
All the data derives from details supplied to the Trust by the people concerned (i.e. trustees, applicants etc.).
4. How is the data stored?
All data is held electronically. The contact data is held in the Trust’s Outlook Contacts which is a password protected component of the Catholic Education Department’s cloud-based Office 365 account. Additional contact details are held in files containing details of applications for grants. These are also held in a secured Office 365 account.
5. Who is responsible for ensuring compliance with the relevant laws and regulations?
The roles of Data Controller and Data Processor are held by the Trust Manager, who maintains the Contacts database and the Trust’s operational filing system.
6. Who has access to the data?
The Trust Manager has day to day access to the data. In his/her absence, access can be obtained by designated officers of the Catholic Education Service.
7. What is the legal basis for collecting this data?
All the personal data is held for the necessary operation of the Trust’s activities.
8. How long does the Trust hold the data?
In the case of Contacts data, as long as the need to communicate with the individual remains. Filed documents relating to applications etc. are retained for an indefinite period for reference.
9. Does the Plater Trust website track personal data?
The Trust’s website (www.plater.org.uk) uses Google Analytics to track visits to the site. This is anonymised data used only to assess the number of visits to the various pages on the website.
10. How you can check what data the Trust holds about you?
By contacting the Trust Manager at firstname.lastname@example.org